HJT log, there is something here...
Hujo
Suspended permanently
10 December 2008 @ 01:21
Set hidden files back to not being shown.
Scan with HJT, tick the entry below and press Fix checked:
O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
===============
Then run ComboFix again and post the new log.
Can a computer ever work?
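The entry Hujo singles out is a Winlogon Notify package: a DLL registered under the Winlogon\Notify key is loaded into winlogon.exe at logon, which is exactly what the ComboFix output later in this thread shows for 1_blade_1.dll. As an added example (not code from the thread or from HijackThis), the script below triages O20 lines from a HijackThis log and flags any Notify DLL that does not live under system32, where the legitimate Windows packages are. The sample log text is constructed from lines in this thread, and the regular expression and the trusted-directory list are assumptions of this example, not an HJT feature.

```python
import re

# Constructed sample, modelled on the HijackThis log posted in this thread.
# The first O20 line is the one the helper told the poster to fix; the
# second is a normal Windows Notify package added here for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
O20 - Winlogon Notify: scecli - C:\WINDOWS\system32\scecli.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HJT prints Notify packages as "O20 - Winlogon Notify: <subkey> - <dll path>".
# The non-greedy name group stops at the first " - " separator.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

# Assumption of this example: Windows' own Notify DLLs (scecli, crypt32chain,
# sclgntfy, ...) live under system32, so anything elsewhere deserves a look.
TRUSTED_DIRS = (r"c:\windows\system32",)


def parse_o20(log_text):
    """Return (subkey_name, dll_path) for every O20 Winlogon Notify line."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("name").strip(), m.group("path").strip()))
    return entries


def is_suspicious(dll_path):
    """True when the Notify DLL is outside the trusted directory list."""
    p = dll_path.lower()
    return not any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def triage(log_text):
    """List the O20 entries to review, with the registry subkey that loads each DLL."""
    findings = []
    for name, path in parse_o20(log_text):
        if is_suspicious(path):
            findings.append({
                "name": name,
                "dll": path,
                "registry_key": rf"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{name}",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"REVIEW {f['name']}: {f['dll']}  (key: {f['registry_key']})")
```

Run against the sample, only the 1_blade_1reg entry is reported; the scecli package under system32 is left alone. Because winlogon.exe keeps the DLL mapped while the session is up, the registry value and the file are best removed from outside the running session (safe mode or an offline tool), which is why a fix applied from the normal desktop can leave the entry showing up again in the next log.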
Sonjaana
Junior Member
10 December 2008 @ 15:16
ComboFix 08-12-09.02 - Juhani1 2008-12-10 14:35:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.56 [GMT 2:00]
Sijainti: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
* Uusi palautuspiste luotu
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.reg
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-10 to 2008-12-10 )))))))))))))))))
.
2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-09 18:29 . 2008-12-09 18:30 <KANSIO> d-------- c:\windows\ERUNT
2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-09 15:06 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 14:24 . 2008-12-09 14:24 <KANSIO> d-------- c:\program files\Trend Micro
2008-11-12 13:23 . 2008-11-12 13:23 <KANSIO> d-------- c:\program files\MSXML 4.0
2008-11-12 12:32 . 2008-09-04 19:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 12:32 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 12:43 24,473,632 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-09 23:20 290,192 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-08 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 18:31 --------- d-----w c:\program files\Maxis
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-12-09_16.59.19,58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-09 16:30:15 7,348,224 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-12-09 16:30:15 28,672 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-09 16:30:05 7,348,224 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-12-09 16:30:05 28,672 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-12-10 09:42:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4f8.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
2006-05-01 09:58 13624 c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.xvid"= xvid.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 14:42:01
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------
- - - - - - - > 'winlogon.exe'(524)
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
.
Valmistumisajankohta: 2008-12-10 14:47:57
ComboFix-quarantined-files.txt 2008-12-10 12:47:48
ComboFix2.txt 2008-12-09 15:00:32
Ennen ajoa: 5 029 793 792 tavua vapaana
Ajon jälkeen: 5,018,189,824 tavua vapaana
146 --- E O F --- 2008-11-12 11:27:19
--------------------------------------------------------------------------------------
It still didn't seem to go away; iexplore is still running in the background.
Hujo
Suspended permanently
10 December 2008 @ 16:20
Post a new HJT log.
Sonjaana
Junior Member
10 December 2008 @ 18:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:26, on 10.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1189089126887
O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5397 bytes
Hujo
Suspended permanently
10 December 2008 @ 20:10
Sonjaana
Junior Member
11 December 2008 @ 20:06
File C:\WINDOWS\w.hta infected by "Trojan-Downloader.HTML.Agent.ae" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\cmd.ftp infected by "Trojan-Downloader.BAT.Ftp.cq" Virus. Action Taken: File Deleted.
File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 infected by "Backdoor.Win32.SdBot.mb" Virus. Action Taken: File to be renamed on reboot.
File C:\System Volume Information\_restore{907664AF-AE3B-4B20-8494-9AECE3FB2138}\RP821\A0428603.hta infected by "Trojan-Downloader.HTML.Agent.ae" Virus. Action Taken: File Deleted.
Hujo
Suspended permanently
12 December 2008 @ 06:58
Scan with Kaspersky Online Scanner
1. Read through the requirements and the privacy statement and click Accept.
2. The download of the scanner and the virus database begins. You will be asked whether to allow installation of the program from Kaspersky. Click Run.
3. When the download is complete, click Settings.
4. Make sure the following items are selected. If they are not, select them and click Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
5. Click My Computer under the Scan section.
6. When the scan is complete, the results are shown. Click View Scan Report.
7. You will see a list of infected items. Click Save Report As....
8. Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
9. Copy and paste the contents of the file into your next reply together with a new HijackThis log.
Sonjaana
Junior Member
12 December 2008 @ 12:17
Starting java applet has failed! Please go online to use this program.
So the program won't start at all. What now?
Hujo
Suspended permanently
12 December 2008 @ 12:40
Download Lop S&D from here
Double-click Lop S&D.exe
Choose Finnish as the language by pressing U and Enter.
Then choose Option 1 (Search) by pressing 1 and Enter
Wait until the scan is complete
The log opens in Notepad. Post it in your next message. It can also be found at C:\lopR.txt
Sonjaana
Junior Member
12 December 2008 @ 14:10
I updated Java and then Kaspersky started working.
Hujo
Suspended permanently
12 December 2008 @ 14:15
Then you can run both of them.
Sonjaana
Junior Member
12 December 2008 @ 17:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:51, on 12.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Juhani1\Local Settings\temp\jkos-Juhani1\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1189089126887
O20 - Winlogon Notify: 1_blade_1reg - C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6174 bytes
-------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 12, 2008 09:01:27
Records in database: 1454144
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 62270
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:36:42
File name / Threat name / Threats count
C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 Infected: Backdoor.Win32.SdBot.mb 1
The selected area was scanned.
Hujo
Suspended permanently
12 December 2008 @ 17:24
Then the Lop S&D.
Sonjaana
Junior Member
13 December 2008 @ 12:03
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Duron(tm) Processor )
BIOS : Version 1.00
USER : Juhani1 ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Activated)
Firewall : ZoneAlarm Firewall 7.0.408.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:12 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:12 Go (Free:4 Go)
E:\ (Local Disk) - NTFS - Total:12 Go (Free:11 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( la 13.12.2008|11:39 )
--------------------\\ Listaa hakemistoja sijainnissa APPLIC~1
[12.03.2008|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[27.10.2007|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[29.09.2008|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[08.10.2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14.12.2007|19:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[09.12.2008|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[02.12.2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15.06.2002|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[29.09.2008|13:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[29.09.2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[19.05.2003|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[05.02.2006|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08.12.2008|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[15.06.2003|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06.09.2007|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|tiedosto(a)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua
[17|kansio(ta)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tavua vapaana
[14.06.2002|08:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\tavua vapaana
[17.03.2008|11:35] C:\DOCUME~1\Juhani1\APPLIC~1\Adobe
[05.08.2008|12:21] C:\DOCUME~1\Juhani1\APPLIC~1\gtk-2.0
[09.10.2007|17:49] C:\DOCUME~1\Juhani1\APPLIC~1\gtopala
[06.03.2003|11:01] C:\DOCUME~1\Juhani1\APPLIC~1\Help
[30.11.2007|16:11] C:\DOCUME~1\Juhani1\APPLIC~1\HP
[14.06.2002|08:42] C:\DOCUME~1\Juhani1\APPLIC~1\Identities
[11.11.2008|17:26] C:\DOCUME~1\Juhani1\APPLIC~1\Image Zone Express
[31.07.2002|17:27] C:\DOCUME~1\Juhani1\APPLIC~1\InterTrust
[10.02.2003|15:56] C:\DOCUME~1\Juhani1\APPLIC~1\Jasc
[13.03.2005|12:48] C:\DOCUME~1\Juhani1\APPLIC~1\Keyhole
[17.07.2008|17:05] C:\DOCUME~1\Juhani1\APPLIC~1\Looney Tunes
[03.01.2005|22:07] C:\DOCUME~1\Juhani1\APPLIC~1\Macromedia
[09.12.2008|15:06] C:\DOCUME~1\Juhani1\APPLIC~1\Malwarebytes
[30.01.2008|20:47] C:\DOCUME~1\Juhani1\APPLIC~1\Microsoft
[07.07.2003|18:09] C:\DOCUME~1\Juhani1\APPLIC~1\Microsoft Web Folders
[01.09.2008|11:18] C:\DOCUME~1\Juhani1\APPLIC~1\Mozilla
[15.06.2002|16:09] C:\DOCUME~1\Juhani1\APPLIC~1\MSN6
[25.10.2008|16:35] C:\DOCUME~1\Juhani1\APPLIC~1\Nokia
[08.10.2008|15:54] C:\DOCUME~1\Juhani1\APPLIC~1\PC Suite
[11.11.2008|17:10] C:\DOCUME~1\Juhani1\APPLIC~1\Printer Info Cache
[05.09.2007|15:29] C:\DOCUME~1\Juhani1\APPLIC~1\Skype
[08.04.2006|15:46] C:\DOCUME~1\Juhani1\APPLIC~1\Sun
[14.10.2002|02:15] C:\DOCUME~1\Juhani1\APPLIC~1\Symantec
[02.01.2003|17:14] C:\DOCUME~1\Juhani1\APPLIC~1\Syntrillium
[04.12.2007|21:17] C:\DOCUME~1\Juhani1\APPLIC~1\Thunderbird
[0|tiedosto(a)] C:\DOCUME~1\Juhani1\APPLIC~1\tavua
[27|kansio(ta)] C:\DOCUME~1\Juhani1\APPLIC~1\tavua vapaana
[10.02.2008|19:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\LOCALS~1\APPLIC~1\tavua vapaana
[31.08.2008|22:39] C:\DOCUME~1\M&~1\APPLIC~1\Adobe
[07.08.2008|16:01] C:\DOCUME~1\M&~1\APPLIC~1\HP
[07.08.2008|10:23] C:\DOCUME~1\M&~1\APPLIC~1\Identities
[29.09.2008|16:04] C:\DOCUME~1\M&~1\APPLIC~1\Image Zone Express
[07.08.2008|10:30] C:\DOCUME~1\M&~1\APPLIC~1\Macromedia
[29.09.2008|14:20] C:\DOCUME~1\M&~1\APPLIC~1\Microsoft
[31.08.2008|16:44] C:\DOCUME~1\M&~1\APPLIC~1\Mozilla
[29.09.2008|12:34] C:\DOCUME~1\M&~1\APPLIC~1\Nokia
[29.09.2008|12:22] C:\DOCUME~1\M&~1\APPLIC~1\PC Suite
[07.08.2008|16:27] C:\DOCUME~1\M&~1\APPLIC~1\Printer Info Cache
[02.12.2008|23:33] C:\DOCUME~1\M&~1\APPLIC~1\Sun
[07.08.2008|16:31] C:\DOCUME~1\M&~1\APPLIC~1\Thunderbird
[0|tiedosto(a)] C:\DOCUME~1\M&~1\APPLIC~1\tavua
[14|kansio(ta)] C:\DOCUME~1\M&~1\APPLIC~1\tavua vapaana
[06.09.2007|16:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\NETWOR~1\APPLIC~1\tavua vapaana
[15.06.2003|19:58] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\Microsoft
[0|tiedosto(a)] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\tavua
[3|kansio(ta)] C:\DOCUME~1\VIERAS~1.JOH\APPLIC~1\tavua vapaana
--------------------\\ Ajoitetut tehtävät sijaitsee C:\WINDOWS\Tasks
[13.12.2008 11:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09.10.2001 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listaa hakemistoja sijainnissa C:\Program Files
[02.07.2008|14:23] C:\Program Files\Adobe
[12.05.2004|19:57] C:\Program Files\Alwil Software
[29.06.2003|21:47] C:\Program Files\AnalogX
[03.03.2008|19:29] C:\Program Files\Arkhimedes3
[08.10.2002|07:33] C:\Program Files\BSPlayer
[10.12.2008|14:39] C:\Program Files\Common Files
[14.06.2002|08:27] C:\Program Files\ComPlus Applications
[01.12.2002|17:57] C:\Program Files\Creative
[29.09.2008|11:45] C:\Program Files\DIFX
[03.09.2002|15:28] C:\Program Files\directx
[13.10.2002|08:12] C:\Program Files\DirectX9
[08.10.2002|07:25] C:\Program Files\DivX
[12.03.2008|18:58] C:\Program Files\GIMP-2.0
[12.12.2008|12:19] C:\Program Files\InstallShield Installation Information
[22.10.2008|21:02] C:\Program Files\Internet Explorer
[12.12.2008|12:38] C:\Program Files\Java
[04.12.2007|22:27] C:\Program Files\Lavasoft
[13.10.2002|08:12] C:\Program Files\license
[12.12.2008|12:19] C:\Program Files\Logitech
[09.12.2008|15:06] C:\Program Files\Malwarebytes' Anti-Malware
[23.10.2008|20:31] C:\Program Files\Maxis
[22.10.2008|19:06] C:\Program Files\Messenger
[16.12.2003|21:12] C:\Program Files\microsoft frontpage
[16.07.2002|13:32] C:\Program Files\Microsoft Hardware
[02.12.2008|12:44] C:\Program Files\Microsoft Office
[06.03.2003|11:05] C:\Program Files\Microsoft Visual Studio
[22.10.2008|18:43] C:\Program Files\Movie Maker
[13.12.2008|11:36] C:\Program Files\Mozilla Firefox
[08.12.2008|19:21] C:\Program Files\Mozilla Thunderbird
[14.06.2002|08:26] C:\Program Files\MSN
[14.06.2002|08:26] C:\Program Files\MSN Gaming Zone
[12.11.2008|13:23] C:\Program Files\MSXML 4.0
[29.09.2008|12:54] C:\Program Files\MSXML 6.0
[10.07.2002|19:18] C:\Program Files\MusicMatch
[22.10.2008|18:30] C:\Program Files\NetMeeting
[29.09.2008|12:55] C:\Program Files\Nokia
[03.03.2008|19:50] C:\Program Files\Note Shot Finance
[21.01.2005|08:24] C:\Program Files\OfficeUpdate11
[14.06.2002|08:29] C:\Program Files\Online Services
[29.06.2003|20:49] C:\Program Files\OpenOffice
[29.06.2003|20:55] C:\Program Files\OpenOffice.org1.0
[22.10.2008|18:30] C:\Program Files\Outlook Express
[29.09.2008|11:44] C:\Program Files\PC Connectivity Solution
[15.06.2003|19:58] C:\Program Files\QuickTime
[12.02.2004|22:24] C:\Program Files\ScreenMates
[14.06.2002|14:58] C:\Program Files\TEXTware
[06.09.2007|16:36] C:\Program Files\ToniArts
[09.12.2008|14:24] C:\Program Files\Trend Micro
[14.08.2003|20:55] C:\Program Files\Uninstall Information
[30.01.2008|20:58] C:\Program Files\Windows Media Connect 2
[22.10.2008|18:30] C:\Program Files\Windows Media Player
[22.10.2008|18:30] C:\Program Files\Windows NT
[06.09.2007|16:36] C:\Program Files\WindowsUpdate
[14.06.2002|08:31] C:\Program Files\xerox
[08.10.2002|07:26] C:\Program Files\XviD
[25.01.2006|17:13] C:\Program Files\Zone Labs
[0|file(s)] C:\Program Files\bytes
[58|folder(s)] C:\Program Files\bytes free
--------------------\\ Listing folders in C:\Program Files\Common Files
[12.03.2008|18:53] C:\Program Files\Common Files\Adobe
[03.03.2008|19:25] C:\Program Files\Common Files\Designer
[23.06.2002|12:03] C:\Program Files\Common Files\DirectX
[09.07.2003|14:37] C:\Program Files\Common Files\EPSON
[16.01.2005|18:18] C:\Program Files\Common Files\GST
[27.10.2007|15:15] C:\Program Files\Common Files\Hewlett-Packard
[06.09.2007|16:35] C:\Program Files\Common Files\InstallShield
[05.04.2006|19:57] C:\Program Files\Common Files\Java
[08.10.2002|09:07] C:\Program Files\Common Files\LHSPF
[10.07.2002|19:16] C:\Program Files\Common Files\Logitech
[29.09.2008|12:52] C:\Program Files\Common Files\Microsoft Shared
[14.06.2002|08:27] C:\Program Files\Common Files\MSSoap
[29.09.2008|12:52] C:\Program Files\Common Files\Nokia
[14.06.2002|09:09] C:\Program Files\Common Files\ODBC
[29.09.2008|11:46] C:\Program Files\Common Files\PCSuite
[01.09.2002|14:41] C:\Program Files\Common Files\Services
[14.06.2002|09:09] C:\Program Files\Common Files\SpeechEngines
[22.10.2008|18:30] C:\Program Files\Common Files\System
[08.10.2002|09:07] C:\Program Files\Common Files\WexTech Shared
[04.12.2007|22:26] C:\Program Files\Common Files\Wise Installation Wizard
[0|file(s)] C:\Program Files\Common Files\bytes
[22|folder(s)] C:\Program Files\Common Files\bytes free
--------------------\\ Process
( 35 Processes )
IEXPLORE.EXE ~ [PID:936]
--------------------\\ Searching with S_Lop
No Lop folders found!
--------------------\\ Searching for Lop files and folders
No Lop folders found!
--------------------\\ Searching registry entries
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Checking for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 11:52:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Checking for other infections
No other infections found!
[F:934][D:15]-> C:\DOCUME~1\Juhani1\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Juhani1\Cookies
[F:6][D:4]-> C:\DOCUME~1\Juhani1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Sat 13.12.2008|11:54 - Option : [1]
--------------------\\ Scan completed 11:54:39
Message edited after posting. Last edited 13 December 2008 @ 12:08

Hujo
Suspended permanently
13 December 2008 @ 20:04
Open Notepad and copy/paste the contents of the quote into it:
Quote: Folder::
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.
Can the computer ever work?

Sonjaana
Junior Member
14 December 2008 @ 16:59
ComboFix 08-12-09.02 - Juhani1 2008-12-14 16:09:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.48 [GMT 2:00]
Running from: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
Command switches used :: c:\documents and settings\Juhani1\Työpöytä\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll\
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-13 20:59 . 2008-12-13 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-13 20:56 . 2008-12-13 20:58 <DIR> d-------- c:\program files\Common Files\HP
2008-12-13 20:52 . 2008-12-13 20:54 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-13 20:44 . 2008-12-13 20:58 <DIR> d-------- c:\program files\HP
2008-12-13 20:41 . 2008-12-13 21:09 127,436 --a------ c:\windows\hpoins11.dat
2008-12-13 11:38 . 2008-12-13 11:54 <DIR> d-------- C:\Lop SD
2008-12-12 12:39 . 2008-12-12 12:38 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 12:39 . 2008-12-12 12:38 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-11 19:05 . 2008-12-11 19:05 0 --a------ C:\23990098.$$$
2008-12-11 13:50 . 2008-12-11 14:03 <DIR> d-------- C:\Downloads
2008-12-11 13:50 . 2008-12-11 13:59 <DIR> d-------- C:\Bases
2008-12-11 13:45 . 2008-12-11 14:03 <DIR> d-------- C:\Kaspersky
2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-09 18:29 . 2008-12-09 18:30 <DIR> d-------- c:\windows\ERUNT
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 14:24 . 2008-12-09 14:24 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 22:25 297,104 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-13 22:25 25,098,272 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-12 10:38 --------- d-----w c:\program files\Java
2008-12-12 10:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 10:19 --------- d-----w c:\program files\Logitech
2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-12 11:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 18:31 --------- d-----w c:\program files\Maxis
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-12-09_16.59.19,58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-12-09 16:30:15 7,348,224 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-12-09 16:30:15 28,672 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 13:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-12-09 16:30:05 7,348,224 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-12-09 16:30:05 28,672 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-04-19 21:05:28 11,634 ----a-w c:\windows\hpomdl11.dat
+ 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\ARPPRODUCTICON.exe
+ 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut2_D7CAE58E26DE49B7A75DEAEDF76726BE.exe
+ 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut3_D7CAE58E26DE49B7A75DEAEDF76726BE_3.exe
+ 2008-12-13 18:58:21 65,536 ----a-r c:\windows\Installer\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}\NewShortcut7_856D48883B484D0C99D439AA7CF9DB2E.exe
+ 2008-12-13 18:54:12 65,536 ----a-r c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\ARPPRODUCTICON.exe
+ 2008-12-13 18:54:12 643,072 ----a-r c:\windows\Installer\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2008-12-13 18:56:05 65,536 ----a-r c:\windows\Installer\{DBC20735-34E6-4E97-A9E5-2066B66B243D}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2008-10-23 12:38:22 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-06-17 23:09:22 100,864 -c----w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:10:34 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-16 01:01:58 3,088,896 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:10:33 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:01:57 1,498,624 -c----w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-14 16:11:54 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:03:58 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:10:34 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:01:57 619,008 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:10:33 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:01:57 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-18 03:03:08 938,496 -c----w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 -c----w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 03:03:14 2,458,112 -c----w c:\windows\system32\dllcache\WMVCore.dll
+ 2005-12-09 11:47:32 1,645,320 ----a-w c:\windows\system32\gdiplus.dll
+ 2004-05-27 13:00:52 118,784 ----a-r c:\windows\system32\HPODXPAT.DLL
- 2006-03-03 18:03:38 282,680 ----a-w c:\windows\system32\HPZidr12.dll
+ 2006-03-03 19:03:38 282,680 ----a-w c:\windows\system32\HPZidr12.dll
- 2006-03-03 18:03:22 65,536 ----a-w c:\windows\system32\HPZinw12.exe
+ 2006-03-03 19:03:22 65,536 ----a-w c:\windows\system32\HPZinw12.exe
- 2006-03-03 18:02:58 204,800 ----a-w c:\windows\system32\HPZipr12.dll
+ 2006-03-03 19:02:58 204,800 ----a-w c:\windows\system32\HPZipr12.dll
- 2006-03-03 18:02:30 94,208 ----a-w c:\windows\system32\HPZipt12.dll
+ 2006-03-03 19:02:30 94,208 ----a-w c:\windows\system32\HPZipt12.dll
- 2006-03-03 18:02:04 57,344 ----a-w c:\windows\system32\HPZisn12.dll
+ 2006-03-03 19:02:04 57,344 ----a-w c:\windows\system32\HPZisn12.dll
- 2005-04-12 23:19:56 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-12-12 10:38:20 144,792 ----a-w c:\windows\system32\java.exe
- 2005-04-12 23:20:04 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-12 10:38:20 144,792 ----a-w c:\windows\system32\javaw.exe
- 2005-04-13 00:48:54 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-12 10:38:20 148,888 ----a-w c:\windows\system32\javaws.exe
- 2006-10-18 18:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-17 23:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2003-03-18 18:44:36 40,960 ----a-w c:\windows\system32\MFC71CHS.DLL
+ 2003-03-18 18:44:36 45,056 ----a-w c:\windows\system32\MFC71CHT.DLL
+ 2003-03-18 18:44:34 65,536 ----a-w c:\windows\system32\MFC71DEU.DLL
+ 2003-03-18 18:44:38 57,344 ----a-w c:\windows\system32\MFC71ENU.DLL
+ 2003-03-18 18:44:36 61,440 ----a-w c:\windows\system32\MFC71ESP.DLL
+ 2003-03-18 18:44:34 61,440 ----a-w c:\windows\system32\MFC71FRA.DLL
+ 2003-03-18 18:44:36 61,440 ----a-w c:\windows\system32\MFC71ITA.DLL
+ 2003-03-18 18:44:34 49,152 ----a-w c:\windows\system32\MFC71JPN.DLL
+ 2003-03-18 18:44:38 49,152 ----a-w c:\windows\system32\MFC71KOR.DLL
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:10:34 3,088,896 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-16 01:01:58 3,088,896 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:10:33 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:01:57 1,498,624 ----a-w c:\windows\system32\shdocvw.dll
- 2008-07-08 13:03:23 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:27 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 16:12:31 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-20 05:10:34 619,008 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:01:57 619,008 ----a-w c:\windows\system32\urlmon.dll
- 2006-10-18 19:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 03:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 19:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 03:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-14 12:48:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_528.dat
+ 2008-12-14 12:50:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat
+ 2008-12-13 18:53:13 1,230,336 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
2006-05-01 09:58 13624 c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.xvid"= xvid.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-12 12:38 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 16:17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(508)
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
.
Completion time: 2008-12-14 16:21:24
ComboFix-quarantined-files.txt 2008-12-14 14:21:17
ComboFix2.txt 2008-12-10 12:48:02
ComboFix3.txt 2008-12-09 15:00:32
Pre-Run: 4,445,229,056 bytes free
Post-Run: 4,508,708,864 bytes free
250 --- E O F --- 2008-12-11 23:20:30

Hujo
Suspended permanently
14 December 2008 @ 17:06
Shut down and restart.
Then scan a new HJT log.
=====
Create an uninstall list:
- Open HijackThis
- Click "Configure" at the bottom right
- Click "Misc Tools"
- Click the box that says "Uninstall Manager"
- Click "Save list"
- Copy and paste that list from Notepad into your thread
Can the computer ever work?
Message edited after posting. Last edited 14 December 2008 @ 17:10

Sonjaana
Junior Member
14 December 2008 @ 17:15
Ad-Aware 2007
Adobe Acrobat 4.0, 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2 - Finnish
Arkhimedes 3.0 (5)
avast! Antivirus
BSPlayer (remove only)
dBpowerAMP Music Converter
DivX 5.0.3 Bundle
EasyCleaner
GIMP 2.4.5
GrooveMaker SE
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 11
Logitech MouseWare 9.41 .1
LucasArts' Curse of Monkey Island
MAGIX music maker basic
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Professional
Microsoft Office 2000 Small Business
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Midifiles 1.0
Mozilla Firefox (2.0.0.18)
Mozilla Thunderbird (2.0.0.16)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nokia Connectivity Cable Driver
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 1.0
PC Connectivity Solution
PowerDVD
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
QuickTime
SimCity 3000
Security Update for Windows XP (KB941569)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
WebSounds 1.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
XviD MPEG-4 Codec
ZoneAlarm

Hujo
Suspended permanently
14 December 2008 @ 17:26
Uninstall via Add/Remove Programs:
J2SE Runtime Environment 5.0 Update 3
===============
Mozilla Firefox (2.0.0.18): update to a newer version
Can the computer ever work?

Sonjaana
Junior Member
14 December 2008 @ 20:36
I removed the old Java, but I'm not updating Mozilla, thanks anyway. The new one is just awful.
iexplore.exe and _blade_ are there and they're staying. Did we find a virus now that nobody can get rid of? :D

Hujo
Suspended permanently
14 December 2008 @ 20:46
Open Notepad and copy/paste the contents of the quote into it:
Quote: File::
C:\Documents and Settings\All Users\Tiedostot\Settings\1_blade_1.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
Save it as CFScript.txt
Then drag CFScript onto ComboFix.exe as shown below.

Restart the computer when prompted and post the contents of combofix.txt here.
Can the computer ever work?
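An added example for the two posts above (the 16:59 ComboFix log and this File:: script); it is not code from the thread, from ComboFix or from HijackThis. The script reads a ComboFix log, pulls out every Winlogon Notify loading point together with the DLLs ComboFix lists under the running winlogon.exe, flags Notify DLLs that sit outside the system directory, and drafts a CFScript.txt for them. It writes the DLL under File::, because the first script in this thread listed the DLL under Folder:: and that run's log shows the deletion target as 1_blade_1.dll\ with a trailing backslash and the DLL still mapped in winlogon.exe at the end of the run, while the later File:: run (further down) logs the deletion without the backslash and the Notify key no longer appears among the loading points. The sample log is an excerpt copied from the log posted above, plus one constructed system32 entry to show what does not get flagged; the rule that only c:\windows\system32 is trusted, and all function names, are this example's own assumptions.

```python
"""Find Winlogon Notify persistence in a ComboFix log and draft a CFScript.

Added example for this thread; not ComboFix's or HijackThis's own code.
"""
import re

# Constructed sample: an excerpt of the ComboFix log posted in this thread,
# plus the 'example_sys' entry, which is made up here to show that a Notify
# DLL living under system32 is not flagged by the heuristic below.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1_blade_1reg]
2006-05-01 09:58 13624 c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\example_sys]
2008-04-14 12:00 4096 c:\windows\system32\example_notify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(508)
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
.
Completion time: 2008-12-14 16:21:24
"""

NOTIFY_KEY_PREFIX = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"

# Assumption (the thread does not state it): Notify packages that ship with
# Windows XP live under %SystemRoot%\system32, so anything elsewhere is flagged.
TRUSTED_DIRS = (r"c:\windows\system32",)

_KEY_RE = re.compile(r"^\[([^\]]+)\]$")
_NOTIFY_DLL_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>[a-z]:\\.+\.dll)$", re.I)
_PROC_RE = re.compile(r"^(?:-\s)+>\s*'(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
_DLL_LINE_RE = re.compile(r"^[a-z]:\\.+\.dll$", re.I)


def parse_notify_entries(log_text):
    """Return [(registry_key, dll_path)] for each Winlogon Notify loading point."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            is_notify = key.lower().startswith(NOTIFY_KEY_PREFIX + "\\")
            current_key = key if is_notify else None
            continue
        if current_key is not None:
            dll_match = _NOTIFY_DLL_RE.match(line)
            if dll_match:
                entries.append((current_key, dll_match.group("path")))
    return entries


def parse_winlogon_modules(log_text):
    """Return the DLL paths ComboFix listed under the running winlogon.exe."""
    modules = []
    in_winlogon = False
    for raw in log_text.splitlines():
        line = raw.strip()
        proc_match = _PROC_RE.match(line)
        if proc_match:
            in_winlogon = proc_match.group("proc").lower() == "winlogon.exe"
            continue
        if in_winlogon:
            if _DLL_LINE_RE.match(line):
                modules.append(line)
            else:
                in_winlogon = False  # a '.' or the next section ends the list
    return modules


def is_outside_trusted_dirs(dll_path):
    """Heuristic: a Notify DLL outside the system directory deserves a look."""
    lowered = dll_path.lower()
    return not any(lowered.startswith(d + "\\") for d in TRUSTED_DIRS)


def find_suspicious_notify(log_text):
    """Cross-check Notify loading points against what winlogon.exe has mapped."""
    loaded = {p.lower() for p in parse_winlogon_modules(log_text)}
    findings = []
    for key, dll in parse_notify_entries(log_text):
        if is_outside_trusted_dirs(dll):
            findings.append({
                "key": key,
                "dll": dll,
                "loaded_in_winlogon": dll.lower() in loaded,
            })
    return findings


def make_cfscript(findings):
    """Draft CFScript.txt: File:: for the DLL (a Folder:: entry would target a
    directory of that name) and Registry:: with a leading '-' to delete the key."""
    files = "\n".join(f["dll"] for f in findings)
    keys = "\n".join("[-%s]" % f["key"] for f in findings)
    return "File::\n%s\n\nRegistry::\n%s\n" % (files, keys)


if __name__ == "__main__":
    found = find_suspicious_notify(SAMPLE_LOG)
    for f in found:
        print("Notify key %s -> %s (mapped in winlogon.exe: %s)"
              % (f["key"], f["dll"], f["loaded_in_winlogon"]))
    print(make_cfscript(found))
```

To use it on a real case, replace SAMPLE_LOG with the contents of a saved combofix.txt. ComboFix's own log already hides the default Notify entries (its "legit default entries are not shown" note), so anything this prints on a typical XP box is worth a closer look before it goes into a script.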

Sonjaana
Junior Member
14 December 2008 @ 21:29
I already did that once and Combo supposedly removed it. Either it didn't really get removed or it keeps coming back...

Hujo
Suspended permanently
14 December 2008 @ 21:40
Do it again ... :)
Can the computer ever work?

Sonjaana
Junior Member
14 December 2008 @ 22:27
ComboFix 08-12-14.01 - Juhani1 2008-12-14 21:55:06.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.255.76 [GMT 2:00]
Running from: c:\documents and settings\Juhani1\Työpöytä\ComboFix.exe
Command switches used :: c:\documents and settings\Juhani1\Työpöytä\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Tiedostot\Settings\1_blade_1.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-13 20:59 . 2008-12-13 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-13 20:56 . 2008-12-13 20:58 <DIR> d-------- c:\program files\Common Files\HP
2008-12-13 20:52 . 2008-12-13 20:54 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-13 20:44 . 2008-12-13 20:58 <DIR> d-------- c:\program files\HP
2008-12-13 20:41 . 2008-12-13 21:09 127,436 --a------ c:\windows\hpoins11.dat
2008-12-13 11:38 . 2008-12-13 11:54 <DIR> d-------- C:\Lop SD
2008-12-12 12:39 . 2008-12-12 12:38 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 12:39 . 2008-12-12 12:38 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-11 19:05 . 2008-12-11 19:05 0 --a------ C:\23990098.$$$
2008-12-11 13:50 . 2008-12-11 14:03 <DIR> d-------- C:\Downloads
2008-12-11 13:50 . 2008-12-11 13:59 <DIR> d-------- C:\Bases
2008-12-11 13:45 . 2008-12-11 14:03 <DIR> d-------- C:\Kaspersky
2008-12-09 18:32 . 2008-12-09 18:32 579,072 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-09 18:29 . 2008-12-09 18:30 <DIR> d-------- c:\windows\ERUNT
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\documents and settings\Juhani1\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-09 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 14:24 . 2008-12-09 14:24 <DIR> d-------- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 20:05 297,104 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-14 20:05 25,098,272 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-14 15:47 --------- d-----w c:\program files\Java
2008-12-12 10:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 10:19 --------- d-----w c:\program files\Logitech
2008-12-09 22:44 1,848,320 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-12-08 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-12 11:23 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 15:26 --------- d-----w c:\documents and settings\Juhani1\Application Data\Image Zone Express
2008-11-11 15:10 --------- d-----w c:\documents and settings\Juhani1\Application Data\Printer Info Cache
2008-10-25 14:35 --------- d-----w c:\documents and settings\Juhani1\Application Data\Nokia
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 18:31 --------- d-----w c:\program files\Maxis
2008-10-23 12:38 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:01 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2003-06-01 08:45 67,376 ----a-w c:\documents and settings\Juhani1\Application Data\GDIPFONTCACHEV1.DAT
2008-11-15 21:04 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-15 21:04 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-15 21:04 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-15 21:04 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-15 21:04 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( snapshot_2008-12-14_16.19.52,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-14 20:06:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"nwiz"="nwiz.exe" [2003-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.xvid"= xvid.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Juhani1^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
path=c:\documents and settings\Juhani1\Käynnistä-valikko\Ohjelmat\Käynnistys\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-12 12:38 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-10 20560]
R3 FastNIC;SMC EZ Card 10/100 (SMC1244TX V2) Driver;c:\windows\system32\DRIVERS\FastNIC.sys [2003-07-09 35840]
.
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Juhani1\Application Data\Mozilla\Firefox\Profiles\0znvna09.default\
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 22:07:14
Windows 5.1.2600 Service Pack 3 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
------------------------ Muut prosessit ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\devldr32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Valmistumisajankohta: 2008-12-14 22:21:10 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2008-12-14 20:20:49
ComboFix2.txt 2008-12-14 14:21:28
ComboFix3.txt 2008-12-10 12:48:02
ComboFix4.txt 2008-12-09 15:00:32
Ennen ajoa: 5 029 273 600 tavua vapaana
Ajon jälkeen: 5,013,295,104 tavua vapaana
193 --- E O F --- 2008-12-11 23:20:30
---------------------------------------------------------------------------------
You'll be asking for this anyway: :D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:14, on 14.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for ¸æ×: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1189089126887
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6135 bytes
There don't seem to be any others here anymore! :)
The message has been edited after posting. Last edited 14 December 2008 @ 22:29
Hujo
Suspended permanently
14 December 2008 @ 22:40
It went off once it warmed up :D
Delete the following from Windows Explorer
C:\Lop SD
C:\Bases
C:\Kaspersky
C:\SDFix
=============
Type into the Run box
Combofix /u
press OK
==============
Download OTMoveIt
OTMoveIt and save it to your desktop.
Double-click OTMoveIt.exe.
Click CleanUp!.
Choose Yes when asked "Begin cleanup Process?".
If asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is done; if this does not happen, remove it yourself.
NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the internet, allow it to.
==============
There are some, but they're as shy as me :D
Can a computer ever work?
The message has been edited after posting. Last edited 14 December 2008 @ 22:41